A few days ago, Carol Evrard (TMT), Erik Valgaeren (TMT), Jérôme Aubertin (Employment) and Cyril Fischer (TMT) had the pleasure to discuss some of the numerous interrelations between data protection and employment law.
Taking into account the opposing interests and rights of employers (right to control employees, to property and to conduct a business) and employees (privacy, right to data protection, and protection of communications), it is not surprising that situations where the right balance is to be found are multiple. To name a few: can employers ask the criminal record or union affiliation of applicants? What about medical information? Can they check LindedIn or Facebook profiles? What type of measures can employers take to control the access to premises (CCTV, badges, biometric access, chips, etc.)? Can employers take pictures of their employees, and to what extent can they monitor them (BYOD issues, geo-localisation systems)? Do employees have the right to access their appraisals after the end of the employment relationship? On the contrary, can employers use the former e-mail address of their employees? Practically, how long should all this information be retained?
There is of course no single answer to all these questions. Indeed, as always where rights must be balanced, it is a matter of circumstances, degree of detriment and importance of rights. All elements must be weighed against each other to eventually fine tune the right solution. The GDPR expert will however never stray from the GDPR principles: legitimacy, transparency, proportionality, purpose limitation and accuracy.